Our app uses Firebase phone auth. The App Store review has rejected the app due to pushes being required:
Guideline 4.5.4 - Design - Apple Sites and Services
We noticed that your app requires push notifications in order to function.
Specifically, we noticed if the Push Notifications setting was not enabled on our device, we encountered an error message after entering our phone number within the app.
Next Steps
Push notifications must be optional and must obtain the user's consent to be used within the app.
And they've also attached the screenshot that depicts Firebase error "Remote notifications and background fetching need to be set up for the app [...]"
Firebase documentation states that APNs notifications are absolutely required for phone auth to function:
https://firebase.google.com/docs/auth/ios/phone-auth
To use phone number authentication, your app must be able to receive APNs notifications from Firebase. When you sign in a user with their phone number for the first time on a device, Firebase Authentication sends a silent push notification to the device to verify that the phone number sign-in request comes from your app. (For this reason, phone number sign-in cannot be used on a simulator.)
However App Store review guidelines state that Push Notifications must not be required in order for the app to function: https://developer.apple.com/app-store/review/guidelines/
4.5.4 Push Notifications must not be required for the app to function, and should not be used for advertising, promotions, or direct marketing purposes or to send sensitive personal or confidential information.
Users need to sign in before they can use the app (the app is about sending digital GIF invitations to your guests and sharing photos), which is why Push Notifications are basically required for the app to function, if the sign in method is Firebase phone auth.
We have tested the app a lot, and the authentication works without a problem when push notifications are enabled (on real devices, both in distribution Ad Hoc builds with production environment and development builds with sandbox environment).
Come to think of it, how did App Review team even disable Push Notifications? The notification center setting does not stop actual pushes, it just doesn't display them.
We have tested with this setting off, and firebase phone auth works fine, pushes are still coming through as expected.
I am very surprised with this issue, as Firebase is a huge service provider. Did anyone else encounter this issue?
Are there plans to remove APNs requirement for phone auth? Is there maybe some other way to use Firebase phone auth without pushes?
Firebaser here. We have released an updated Firebase Auth SDK, 4.2.0, as Leetmory mentioned, which should hopefully resolve these issues going forward.
The issue was caused by the fact that the Firebase Auth SDK using APNs to validate the request - this is to minimize the risk of SMS spam abuse or similar. The validation uses a silent APNs notification, so doesn't require explicit user consent for iOS 8 and above. However, this still failed if APNs was completely disabled, as in this review case.
The 4.2.0 release introduced the facility to use a reCAPTCHA prompt inside an SFSafariViewController (or webview for older iOS) to prevent abuse if APNs isn't available. We don't expect this to happen very much, but it accounts for the unusual state encountered here. It also enables support for testing Firebase Phone Auth on the simulator!
You'll notice there is a new uiDelegate parameter on the verifyPhoneNumber method. In most cases you wont need to use this, but it is part of the fallback verification.
What you will need to do, if you haven't already, is add the REVERSED_CLIENT_ID (from the GoogleService-Info.plist) as a custom URL scheme. This will allow the reCAPTCHA view to return validation to your app.
There is a gotchas to be aware of in the current version though:
In the callback from verifyPhoneNumber you'll need to redispatch to the main thread, using DispatchQueue.main.async {} - this will be fixed in the next version of Firebase Auth!
Other than that, things should work as normal! We definitely recommend supporting silent push where ever possible to ensure the best user experience.
For a full walk through, see the full Phone Auth developer guide.
UPD: Firebase 4.2.0 has rolled out, which fixes the issue. You will need to add your reverse-client-id which looks something like this: com.googleusercontent.apps.123456-abcdefg99 to URL schemes in your Info.plist, and you are set.
To find this
value, open the GoogleService-Info.plist configuration file, and look for the
REVERSED_CLIENT_ID key.
Firebase support has confirmed this bug and has given the response to this issue:
to me
Thank you for the detailed information Leet. This is indeed an odd situation, and our Phone Auth engineers are taking a look. I'll get back to you as soon as I have an answer.
Best,
Jeff
to me
Hi Leet,
Our engineers are working internally on a long-term fix for this, but in the meantime, would like to meet with you to see if we can figure out a workaround.
It appears that there is indeed a bug in Firebase phone auth / Firebase UI.
I contacted Firebase support and here's an excerpt:
In terms of the concern around users disabling push notifications - Disabling push notification for the app by the user does not normally prevent users from signing in using their phone number with Firebase Auth. Our requirement is that the app must set up and enable push notification, not the user. Regardless of if the user accepts or declines your app's push notification prompt phone auth will continue to work since we use silent pushes that don't require any action from the user.
I researched further and found that silent push notifications do indeed arrive to the device even when the user explicitly disables push notifications. To disable silent push notifications you would need to go to Settings -> Your App -> Background Refresh to disable it. See Is Silent Remote Notifications possible if user has disabled push for the app?
So you can tell the App Store Review team that your login will only work when Background Refresh is enabled. I don't believe this violates their terms.
EDIT
After some testing, it appears that phone auth can work when Background Refresh is disabled. However, it works for me because Firebase already has access to my APNS device token. I have found no way to disassociate my device token from Firebase - they provide no API for it. This unfortunately makes it impossible to test the scenario where a new user disables Background Refresh and Remote Notifications before doing the phone auth which I believe may be the cause of the error.
EDIT 2
I can confirm that on a fresh device with a fresh install of our app, if you disable Background Refresh then Firebase Phone Auth will not work. Once you enable it, it will work again.
The reason is that the SDK likely calls [[UIApplication sharedApplication] registerForRemoteNotifications] which is ignored by the system if a user manually disables the Background Refresh and Notifications settings.
Unfortunately there is no workaround until Firebase releases a new SDK which does not require APNs.
Related
This bounty has ended. Answers to this question are eligible for a +500 reputation bounty. Bounty grace period ends in 5 hours.
Scorb wants to draw more attention to this question.
I have a cross platform flutter app. I am using FCM to send notifications and they are not arriving on the iOS app in any state (foreground, background, terminated). I am testing on a physical device.
The notifications work on Android, so I know the topic subscription and send code is correct.
I have followed these steps for configuration defined here...
https://firebase.flutter.dev/docs/messaging/apple-integration/
To verify I have:
added and initialized firebase using google-services-info.plist.
created and added my APNS key
created the app identifier in the Apple Developer center and confirmed it matches my apps bundle id (and added push notification
capability for the identifier.
added push notification capability to the app in xcode
added background fetch and background remote notification capabilities to the app in xcode.
It seems like I have addressed every step to configure FCM on iOS. But none of my notifications arrive.
When the app is minimized, no system tray notification is triggered, and when in the foreground the FirebaseMessaging.onMessage is never triggered, like is is when on Android.
An important note is that this is the second iOS app added to this project, and the first iOS app works correctly. Though there is no indication that there are any special steps for a second app.
We saw a similar problem (for a native iOS app) where FCM would deliver to one app in the project but not the other. The mistake we made was not repeating the configuration in Firebase for the other apple bundle id since each app in our project has a different bundle id. Given it works for one of your iOS apps but not the other on the same project, it sounds like you've got the same issue.
Also, a good diagnostic step is to use the Firebase Console to manually send off a Push Notification to a particular app. It means you can then discount errors further upstream in your backend that may not have caused FCM to be invoked.
Have you tried to send testing notifications via firebase console?
You can log your device token in your app.
Background notification must work if you have done correct with firebase and APN settings despite without implementing some methods of AppDelegate file for remote notification on the next step.
Your question is very blur to have a specific answer but you can separate your concerns to find the issue and then try to resolve that:
1. Make sure about the APNs configuration
First, try to send a notification to your iOS app, directly using the APNS key. If you get the notification, it means you have configured the APNS correctly
2. Make sure about the firebase setup
Check with both the Android and iOS app and see if there are connected to the firebase console. You can use the real-time event to confirm that.
3. Make sure you have implemented the correct methods.
Firebase and apple have different methods for push notifications. Make sure you are implementing the correct one. Also, it may vary based on the configuration file of firebase. search for iOS firebase swizzling for more information
4. Make sure you got the right permissions from the user
You should get the notification permission from the user before trying to show any notification. Make sure you've done that
Note that you may have already tried some of these but I've mentioned them for the sake of completeness. Hope it helps you and others.
I've added Push Notification to my IONIC App using this tutorial: Using Push Notifications with Firebase in an Ionic + Angular App.
For Android all works fine, but on IOS notifications are not delivered. In my Firebase console there is an information that notification was sent, but nothing appeared on my IPhone. The app is installed by TestFlight (Internal Tests).
Questions would be:
How can debug or somehow detect where might be the problem?
If there is no way to check it, maybe there is a list of common problems with that?
Check if iOS push notifications permissions are enabled
Check to see if you receive a push notifications token when you run your app (it doesn't work on simulator, must be real device)
Register push notifications key on your apple developer account and add the key to your firebase app.
Push notifications on iOS is a bit tricky. This tutorial helped me: https://devdactic.com/push-notifications-ionic-capacitor/
Check on the client that it sends a push token to the server.
Check on the server if any errors are reported when pushes are sent to apple.
Check in the console logs whether and pushes appear on your client device.
Check in the app if any push notifications are received.
In addition to following the advice already listed and assuming that you have followed the linked tutorial in detail, what helped me to understand the problems related to my experience with push notifications is to check the validity of the token received from the
// On success, we should be able to receive notifications
PushNotifications.addListener('registration',
(token: PushNotificationToken) => {
alert('Push registration success, token: ' + token.value);
}
);
is to contact this link https://iid.googleapis.com/iid/info/{{Token}}?details=true by entering your received token. If the response contains an error your configuration is incorrect and the error should be found in the changes applied to AppDelegate.swift. Furthermore, I noticed that not always the listener to capture the token does not always activate after a registration and I had to insert in my app also the #capacitor-community/fcmplugin that offers the method
FCM.getToken ()
.then ((r) => alert (`Token $ {r.token}`))
.catch ((err) => console.log (err));
which always returns the token according to my tests, this solution has been applied only for iOS, moreover this plugin also allows you to manage topics efficiently. It's definitely not a clean solution but for me it solved a problem I've been struggling with for days. The last advice I can give you is to pay attention to the activation and deactivation of the listners and to try to use setTimeout () to understand if your failure to work derives from an incorrect initialization of the resources and if these must be moved to the app states where the resources required by the various methods are available.
If I enable FCM swizzling in iOS, I found that the FCM token is still there even when user turns off the device notification setting for my app(probably saved in app data).
It seems not logical to manage this setting anymore inside the app since FCM takes care of that part for me.
I have 2 questions:
Do I need to create a Notification setting switch inside my app so that user can turn on or turn off the notification?
If I need to do #1, how do I call the FCM registration manually?
I know that this api [FIRApp configure] will do everything automatically.
I think following pointers should help you answer the question.
Generically (Regardless of which SDK you use), generating and maintaining deviceToken is completely decoupled from the permissions prompt and the response given to that prompt. There are use cases like silent pushes which can be used to send pushes to the device without even asking the user for permissions (well, these pushes invoke your app for data refresh, but can not show anything on UI)
Even when we prompt the user for permissions, denying the permission does not invalidate the token that has been generated already. The UI based pushes(Alert, Badge, Sound) sent in this case, will still land on the device but iOS will not render those notifications after checking the user's permissions.
So based on above data points, to answer your question,
Do I need to create a Notification setting switch inside my app so that user can turn on or turn off the notification?
Yes, its certainly a good idea to have it so, but note that after the initial permissions prompt the same dialog wont be shown again, hence its better to redirect the user to settings of your app where he can re-enable the notification permissions, refer to this thread on implementing the same.
If I need to do #1, how do I call the FCM registration manually? I know that this api [FIRApp configure] will do everything automatically.
I don't have experience in using Firebase directly, but, mostly you don't need to tell anything to Firebase, because it already has a token and it can sent pushes to this device anytime, the next push that comes after user modifies the setting will automatically show up according to latest preferences of the user.
I am using Mixpanel tracking in an iOS project. I can successfully send Mixpanel push notifications to many iOS clients. However, when a client logs out of my app, I no longer wish for them to receive Mixpanel push notifications.
In Mixpanel I can register many device tokens for one user with the function call
-addPushDeviceToken:
However, from what I can see, I cannot unregister a single token for a given user. The closest function I have found is:
-removePushDeviceToken
However this function will obliterate all device tokens for a given user.
The same is true for the Mixpanel web API - namely the function $unset will obliterate the entire property.
How can I handle users logging out of my app on one device without affecting Mixpanel push notifications on their remaining devices?
Thanks,
Update 9/12: as of Mixpanel 3.0.3 the function is now implemented!
Mixpanel.mainInstance().people.addPushDeviceToken(tokenData)
Mixpanel.mainInstance().people.removePushDeviceToken(tokenData)
Mixpanel currently doesn't provide a way to remove a specific token. It has been discussed on their github as an issue, so I guess what you (and I) can do is to check periodically if they update it.
See https://github.com/mixpanel/mixpanel-iphone/issues/164 and https://github.com/mixpanel/mixpanel-iphone/pull/419
We added receiving push notifications to an iPhone app. Everything was working in the test/sandbox environment, we were getting token id's from the app and could send push notifications from our server.
But now the app is approved and came out of the Appstore we were getting empty push tokens/notifications id's send to our server. We already have over 600 of them... Note that end users do get the popup to approve of receiving notifications in the app, the app is just sending empty tokens to our server after approval. So probably empty tokens are handed out by the APNS server.
The following issue showed us that this is probably due to missing 'push notification' entitlement in the provisioning profile we used to make the build for the app store:
How do I check if an iOS distribution provisioning profile has push notifications enabled?
The missing entitlement was due to a bug in Apple's provisiong protal website, but after 'Modify any existing profile before you download the new one' as mentioned in the following article
http://developer.apple.com/library/mac/#documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/ProvisioningDevelopment/ProvisioningDevelopment.html
We now have the correct entitlement in our .mobileprovision file:
<key>Entitlements</key>
<dict>
..
<key>aps-environment</key>
<string>production</string>
..
So we are rebuilding our app and adding it to the store. And hoping to get push notifications then.
I hope the above might help some others. But now to get to my actual question: Will we start receiving new push tokens also for the 600+ users that already downloaded the current version when they install the next update out of the store? Or do we need to add some initial code to our app? The registerForRemoteNotifications method is right now only called on application startup. Will it also be triggered when the push token id is changed from empty ('') to an actual token? Of course we do not want to wait another (small) week for the new AppStore approval and only then find out that push notification still aren't working for some users. I'm hoping some expert out there can tell us.
Note: We are using an iPhone app developed in MonoTouch, and using the (old) APNS-Sharp library to send the notifications from our server, but I don't think those details are relevant for this issue.
When those 600+ users install the next update and run the application again, your application will call registerForRemoteNotifications (since you said you call it on startup), and will get the non empty device token (when application:didRegisterForRemoteNotificationsWithDeviceToken: is called).
Apple state in their docs that you should always call this method at startup instead of using a cached copy of the device token, because the device token is not guaranteed to remain the same. So you shouldn't have any problem.
Here's the relevant quote from the APNS docs :
An application should register every time it launches and give its
provider the current token. It calls
the registerForRemoteNotificationTypes: method to kick off the
registration process. The parameter of this method takes a
UIRemoteNotificationType (or, for OS X, a NSRemoteNotificationType)
bit mask that specifies the initial types of notifications that the
application wishes to receive—for example, icon-badging and sounds,
but not alert messages. In iOS, users can thereafter modify the
enabled notification types in the Notifications preference of the
Settings application. In both iOS and OS X, you can retrieve the
currently enabled notification types by calling the
enabledRemoteNotificationTypes method. The operating system does not
badge icons, display alert messages, or play alert sounds if any of
these notifications types are not enabled, even if they are specified
in the notification payload.
This is also relevant :
By requesting the device token and passing it to the provider every
time your application launches, you help to ensure that the provider
has the current token for the device. If a user restores a backup to a
device or computer other than the one that the backup was created for
(for example, the user migrates data to a new device or computer), he
or she must launch the application at least once for it to receive
notifications again. If the user restores backup data to a new device
or computer, or reinstalls the operating system, the device token
changes. Moreover, never cache a device token and give that to your
provider; always get the token from the system whenever you need it.
If your application has previously registered, calling
registerForRemoteNotificationTypes: results in the operating system
passing the device token to the delegate immediately without incurring
additional overhead.